[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP and AD?

Le Ngoc Thach wrote:
Hi Jacques Landru,

I have a dream to have all passwords and users in LdapServer.

I think you and I had the same dream, how about that? :)

At any rate there are a number of ways to do synchronization already. I am working one more way to do this at http://acctsync.sourceforge.net/ .

I am taking the approach that iPlanet did with they NT directory sync product. It comprises of a NT/2000 password filter that catches user password changes and updates the directory, and ldap server plugins that update NT/2000 when a user is added or a password gets changed.

Although still in Alpha, I have wrote a generic password filter that calls a external script on user password changes. My goal is to use this dll along with a 'passwd.pl' perl script to send this changes to the OpenLDAP server. Someone else has wrote a password filter that does a direct ldap modify on the user's password attribute in the OpenLDAP server. The latter is more efficient, but I believe less flexible. Either way there's a choice.

I have made modifications to the perl backend to have it compile windows. The patch is against CVS and is available from http://prdownloads.sourceforge.net/acctsync/back-perl.win32.current.patch.gz
I have tested the patch with activestate perl although, I believe another perl 5.6 distribution would work with minimal effort. I don't know when/if the patch will be incorporated into OpenLDAP CVS.

The final piece of the puzzle is the perl scripts to do the work. I am planning to write these sometime this weekend. I'll also include pre-built binaries if I get the chance as well. If you are interested keep an eye on http://acctsync.sourceforge.net/ .


http://linuxquestions.org/ - Ask linux questions, give linux help.
http://splint.org/ - Write safe C code. splint source-code analyzer.